Europäisches Patentamt
Office européen des brevets

Publication number: 0 302 710 A2

EUROPEAN PATENT APPLICATION

Application number: 88307159.9
Date of filing: 03.08.88
Int. Cl.4: G 06 F 1/00

Priority: 05.08.87 US 82015

Date of publication of application:
08.02.89 Bulletin 89/06

Designated Contracting States: DE FR GB IT

Applicant: International Business Machines Corporation
Old Orchard Road
Armonk, N.Y. 10504 (US)

Inventor: Karp, Alan Hersh
2227 Tasso Street
Palo Alto, California 94301 (US)

Representative: Appleton, John Edward
IBM United Kingdom Limited Intellectual Property
Department Hursley Park
Winchester Hampshire SO21 2JN (GB)

A method of controlling the use of computer programs.

The copy protection of personal computer (PC) software
distributed on diskettes is assisted by providing a unique 
identification (ID) stored in read only memory (ROM) of a 
personal computer in which software on a diskette is to be 
used. This ID is accessible to the user of the computer. A 
vendor who wishes to protect his diskette-distributed software 
from illegal copying or use provides a source ID on the diskette. 
The personal computer ID is used with the source ID on the 
distributed diskette to produce an encoded check word, using 
any available encryption modality. The check word is generated 
and written onto the distributed diskette during installation and 
copied onto all backup versions made by the user's personal 
computer. Prior to each use of the program, the software on the 
diskette uses the personal computer and the source IDs and 
check word to verify that the software is being used on the 
same personal computer on which it was installed. 
Description

METHOD OF CONTROLLING THE USE OF COMPUTER PROGRAMS

This invention relates to copy protection of software on publicly-distributed diskettes through the use of an
encryption technique which authenticates a uniquely-identified computing system as the one on which the
software has originally been installed.

Computing and the use of computers is no longer limited exclusively to large businesses and scientific or 
technical organizations. Computers are now widely employed by individuals to conduct the everyday 
transactions necessary to the lives of those individuals. A large personal computing industry has sprung up as 
a result. 

The personal computing industry includes not only the production and marketing of hardware (personal
computers), but also development and commercial distribution of software.

The software sector of the personal computing industry is marked by fierce competition and predatory
practices. The possible consequences of copyright, trademark, and patent infringement have as little effect in
dissuading the illegal reproduction, distribution and use of retail software as do commonly-acknowledged
ideals of personal property and fair play. Elaborate schemes have been hatched to prevent illegal copying of
software from diskettes. These efforts are directed not only at software pirates who operate as illegal,
secondary suppliers of software, but also at individuals who permit casual, but illegal copying of software
which they legally own.

The efforts to prevent illegal copying of personal computing software distributed in the form of diskettes are
lumped under the term "copy protection." In view of the substantial and continuing black market in illegal
personal computing software, additional effective schemes for copy protection are desperately needed.

The term copy protection includes a host of techniques aimed at the detection and prevention of illegal
copying. These are known and widely reported. One technique involves insertion into software of artifacts
whose locations are randomly determined when the software is initially placed on a diskette, and which can
only be reproduced under the original copying conditions. When illegal copying is attempted, the artifacts are
obliterated; their absence is detected by a process in the software which reacts by altering the software
program.

Another approach to copy protection involves the use of encryption to encrypt all or part of
mass-marketed software distributed in diskette form. In this regard, because of the prohibitive cost of
encrypting and decrypting all of the software which is to be protected, encryption of an entire program is
usually limited to certain main frame systems.

Encryption is well understood in both its theoretical and practical aspects. Reference is given to:
Massachusetts Institute of Technology document MIT/LCS/TM-82 entitled "A Method for Obtaining Digital
Signatures in Public-Key Cryptosystems," authored by Rivest et al.; a publication authored by Merkle et al. and
distributed by the Department of Electrical Engineering, Stanford University, entitled "Hiding Information and
Receipts in Trap Door Knapsacks"; "New Directions in Cryptography" from IEEE TRANSACTIONS ON
INFORMATION THEORY, Volume IT-22, No. 6, November 1976, by Diffie et al.; and the article entitled "Password
Authentication With Insecure Communication," COMMUNICATIONS OF THE ACM, Volume 24, No. 11,
November 1981, by Lamport. It is understood that many modifications of encryption are available, including
public-key encryption.

Utilization of encryption to protect data carried in a portable data storage medium is found in U.S. Patent
No. 4,453,074 of Weinstein. The Weinstein patent discloses use of a password referenced to the personal
characteristics of the possessor of a "credit card." This patent concerns the encryption of the concatenation
of the password with a non-secret reference text, with the encryption effected by the secret one of a key pair.
The result of the encryption is placed on the credit card so that, when the credit card is presented to a terminal
for conducting a transaction, the transaction is authorized by decryption of the concatenated words in the
terminal and comparison of the decryption with the joinder of the password entered by the user and the
non-secret reference text which is available to the terminal. In the Weinstein example, one appreciates the use
of encryption simply to gain entree to a system through a portable means (a credit card). In Weinstein the only
use of encryption is to disguise the key unlocking the gate of access to the system; once access is gained, a
transaction is conducted through the exchange of unencrypted data.

Other examples of cryptographically controlled access to computing resources are provided in U.S. Patent
No. 4,649,233 of Bass et al. and U.S. Patent No. 4,590,470 of Koenig. However, neither of these examples uses
an encrypted key to limit the use of diskette-distributed software to authorized hardware which is under the
control of a software user, rather than the software distributor.

The invention is based on the critical observation that a software vendor or distributor can limit access to
diskette-borne software out of his control by use of a pass to the software which is created when the software
is initially installed, then placed in the software after creation, and, thereafter, checked each time the software
is initialized for execution or copying. The inventor has realized that such checking is effectively and efficiently
implemented by the assignment of a randomly-determined CPU identification (CPUID) to each CPU capable of
executing the software. When the software is distributed in diskette form, the source of the software (the
vendor, for example) places a unique source identification (SID) on each diskette, which is combined with a
CPUID by an encryption modality also on the diskette. The encryption takes place when the diskette is first
installed in the personal computer wherein the identified CPU is located. The product of the encryption is a
check number placed on the diskette and used to qualify a check number generated by the encryption
modality each time the software is executed or copied. If execution or copying is attempted through a CPU
different from the one on which the software was originally installed, the check number placed on the diskette
at installation will, in all likelihood, not match that produced by the encryption modality in response to the SID
on the diskette and the identification of the other CPU. If the check number generated does not match the
stored one, an evasion process is invoked which prevents user copying of the software on the unauthorized
machine.

The invention is expressed as a method of controlling the use and replication of diskette software contents
and the like on unauthorized diskette-driven computing systems. The method includes placing a first
identification (ID) code in a preselected computing system and then associating a second identification (ID)
code with a source of programming software for the computing system. Next, the second ID code is placed on
a diskette having a program obtained from the programming source. A first check number is derived through
encryption of one of the identification codes by the other of the identification codes, and the check number is
placed on the diskette. Thereafter, upon access of the diskette by any computing system, a second check
number is derived through the encryption based upon the second identification code on the diskette and an
identification code in the accessing computing system and the second check number is compared with the
first check number. If the two check numbers are identical, execution or copying of the software proceeds.
This method contemplates the provision of execution evasion and copy protect features embedded in the
software on the diskette and bypassing the features in the event that the two check numbers match.

The invention is expressed also as a system for authorizing the use or replication of diskette software
contents on selected computing systems, the system including a diskette containing a software program, a
source identification (SID) code on the diskette associated with and identifying the source of the software, and
a computing system for receiving the diskette and including at least one CPU having an embedded CPU
identification (CPUID) code associated with and identifying that CPU. A programming modality is provided in
the software which is executable on the CPU and which generates a check number through encryption of one
of the ID codes by the other of the ID codes and uses the check number to prevent the execution or copying of
the software on a CPU other than the identified one.

The system affords site licensing of the software on the diskette by including a check storage area on the
diskette for receiving a plurality of check numbers, each generated by the programming modality in response
to the SID and a CPUID from a respective one of a plurality of authorized CPUs operating in the computer
system. The site licensing embodiment also includes provision in the programming modality for using the
check numbers in the check storage area to prevent execution or copying of the software by an unauthorized
CPU.

According to the invention, there is provided a method of controlling the use and replication of diskette
software contents and the like on unauthorized diskette-driven computing systems, said method comprising
the steps of:

placing a first ID code in a preselected computing system;

associating a second ID code with a source of programming software for said computing system;

placing said second ID number on a diskette bearing a program obtained from said source, said program
including an execution non-compliance feature;

deriving a first check number through encryption of one of said ID numbers by the other of said ID numbers;

placing said check number on said diskette; and

upon access of said diskette by any computing system, deriving a second check number through said
encryption based upon said second ID number on said diskette and an ID number in said accessing computing
system, comparing said second with said first check number, and bypassing the non-compliance feature in the
event of a match.

In order that the invention may be fully understood, a preferred embodiment thereof will now be described
with reference to the accompanying drawings in which:

Figure 1 illustrates the components of the invention in their application context.

Figure 2 illustrates in greater detail the interconnection of a personal computer with a disk driver in
which is inserted a disk configured for practicing the invention.

Figure 3 is a flow diagram illustrating the practice of the method of the invention during the initial
installation routine contained in the software of the diskette of Figures 1 and 2.

Figure 4 is a flow diagram illustrating the method of the invention practiced during a legal execution of
software installed according to Figure 3.

Figure 5 is a flow diagram fragment illustrating the method of the invention during copying of the
diskette of Figures 1 and 2.

Figure 6 is a representation of a CPUID.

Figure 7 illustrates an alternative embodiment of the invention.
With reference to Figure 1, a description of the environment in which the invention is to be utilized is now
presented. The invention is executable upon a combination including a personal computer (PC) 10 and a
magnetic disk ("diskette") 12. The personal computer can be from any vendor; for example, it can comprise
one selected from any of the PC series available from International Business Machines Corporation, Armonk,
N.Y. The diskette 12 is a flat circular plate [illegible] at least one magnetizable surface layer on which data can
[illegible] conventionally operate under the control of a disk operating system (DOS) such as the DOS 16. The
DOS 16 conventionally operates in connection with a disk driver (DD) such as the disk driver 18 to manage [illegible]
of a diskette such as the diskette 12 as a secondary storage device. The DOS 16 provides the [illegible]
the disk driver 18, in reading and [illegible] data [illegible].

[illegible] to transport application programming into personal computers. In
[illegible] application program distributed on diskettes and enjoying wide popularity is the "spreadsheet" program.
The sequences of instructions which make up application (and other) programs [illegible]
as "software." In this regard, the term "software" refers to any series of instructions [illegible]
carried in code form on a diskette, which is entered into a personal computer for execution thereon.

[illegible] COPY PROTECT module 26. When the diskette 12 is first entered into the PC 10 for the initial
use of the application 24, the structure of the program 20 requires a user to [illegible]
of the PC 10. In this regard, the INSTALL module [illegible]
list (not shown) regarding various structural or functional features of the PC 10. For example, [illegible] parameter
[illegible] positioning function would be entered into the parameter list if available on the
PC 10. Other parameter list data acquired by the INSTALL module 21 could include, for example, CRT [illegible]
port address [illegible]. Additionally, the INSTALL module 21 may [illegible]
application 24 and selected by the user. For example, the first-time user [illegible]
application program may select an error correction dialog to be invoked by the application program [illegible].

The INITIALIZE module 22 is called to establish the initial session connectivity between the application
[illegible] DOS 16 whenever the diskette 12 is inserted into the driver 18 for execution of the
[illegible] 24. The INITIALIZE module 22 [illegible] include interaction with the user, but [illegible] involves
[illegible] operating system 16 for the purpose of transferring the application program 24 [illegible].

In the practice of the invention, the software 20 further includes a source identification (SID) 28, a check
number storage location (CHKSTOR) 30, and an encryption module (ENCRYPT) 32. The SID 28 is
[illegible] and identifying the source of the diskette-distributed software. [illegible]
who wishes to protect his software from illegal use or
[illegible] onto the diskette 12 in an addressable location known to the ENCRYPT routine.
CHKSTOR 30 is a storage area whose location is known to both the INSTALL and ENCRYPT modules [illegible]
or a vendor-installed code [illegible].
The ENCRYPT module 32 is a process [illegible] the INSTALL and INITIALIZE
modules [illegible] known encryption process [illegible] can perform encryption [illegible].

Also necessary to the practice of the invention is the provision of a CPU identification (CPUID) [illegible]
36 [illegible] word [illegible] in the [illegible] personal
computer 10. In the preferred embodiment, the word consists of 64 bits which serve to uniquely identify the
personal computer 10. The word has the format shown in Figure 6. The [illegible]
CPUID meets [illegible]
manufacturer. In order to avoid the need for standardization, the remaining 48 bits of the CPUID [illegible]
at random; thus, the probability of two personal computers' having [illegible]
further asserted that the CPUID is located in a standard location whose address is the same from one personal
computer to the next. Last, the address of the CPUID 36 is known to the ENCRYPT module 32. It is
contemplated that the CPUID would be generated, placed in ROM, and installed in the PC 10 by the
manufacturer of the PC.

As specified, the ENCRYPT module 32 is a process automatically called by the INSTALL and INITIALIZE
modules during their executions. Figure 2 symbolically illustrates the ENCRYPT module 32 being performed by
the CPU 14. When executed, the ENCRYPT module obtains the CPUID 36 from its addressable location in the
PC 10 and obtains the SID 28 from its addressable location on the diskette 12. When obtaining the CPUID, the
ENCRYPT module employs a conventional validity checking modality to ascertain whether the CPUID meets
the pre-established validity requirements. In the discussion following, it is presumed that the CPUID is valid; if
not, the evasion and/or protection features described below can be implemented. The SID 28 is obtained by a
standard READ function in the PC 10. The CPUID 36 and SID 28 are subjected to the encryption algorithm
embodied in the ENCRYPT module 32 to produce a check number, or code (CHK). If the ENCRYPT module 32
is called by the INSTALL module 21, the positive exit is taken from the decision 40 and the WRITE function 42 is
called to write CHK into the first available spot in the CHKSTOR sector 30 of the disk 12. In Figure 2, a check
number is entered in location 44 of CHKSTOR 30. Alternatively, if the ENCRYPT module 32 is called by the
INITIALIZE routine 22, the READ function 38 is invoked to obtain CHK from location 44 on the disk 12 whence it
is provided to a COMPARE function 46 embedded in the ENCRYPT module 32. In addition, the check number
generated by the ENCRYPT module 32, instead of being written to CHKSTOR on the diskette 12, is also
provided to the COMPARE function 46. The COMPARE function 46 is a conventional procedure used to
determine whether the check number generated by the ENCRYPT module 32 is identical with CHK 44. If the
output of the ENCRYPT function 32 does not compare with the check number 44, the output of the COMPARE
function 46 indicates such a disparity and is used to invoke the COPY PROTECT module 26 or an EVASION
step built into the INSTALL and INITIALIZE modules.

Referring now to Figures 3-5 and Tables I-III, the operation of the invention and its method embodiment will
be explained. The method is executable during the three major phases of software operation listed in Table I.
Thus, the method is invoked by the INSTALL module 21 when the diskette 12 is loaded into the PC 10 for
establishing or changing global operating parameters of the PC. The method is also operated whenever the
diskette 12 is inserted into the disk driver 18 for execution of the APPLICATION module 24 or whenever the
diskette 12 is inserted into the disk driver 18 for the purpose of copying the software 20 to another diskette
through invocation of the COPY command of the PC 10.
TABLE I

INSTALL
EXECUTE APPLICATION
COPY

TABLE II

INSTALL PROCEDURE

DO INSTALL
    DO ENCRYPT
    IF CHKSTOR NOT INITIALIZED,
    THEN, WRITE CHK TO CHKSTOR
        GO TO CONTINUE INSTALL
    ELSE
        IF MCF AND CHKSTOR IS NOT FULL,
        THEN,
            IF CHK EQUALS A CHK IN CHKSTOR
                GO TO CONTINUE INSTALL
            ELSE
                WRITE CHK IN CHKSTOR
                GO TO CONTINUE INSTALL
            END
        ELSE,
            IF CHKSTOR IS FULL
            THEN,
                EVADE EXECUTION
            ELSE,
                IF CHK DOES NOT EQUAL CHK IN CHKSTOR
                THEN
                    EVADE EXECUTION
                ELSE
                    GO TO CONTINUE INSTALL
            END
    CONTINUE INSTALL
END

TABLE III

EXECUTE APPLICATION
    DO INITIALIZE
        DO ENCRYPT
        IF CHK DOES NOT EQUAL CHK
        THEN, EVADE EXECUTING
        ELSE CONTINUE INITIALIZE
    END
    CALL APPLICATION
END
[illegible] and Table II, when the software 20 is initially installed in the PC 10, the INSTALL module
[illegible] of the PC 10 that are determinative of the mode of
[illegible]. During the performance of the INSTALL process, the ENCRYPT module 32
[illegible] SID 28 obtained and encrypted, and a CHKNO is generated. If nothing has been
written to CHKSTOR, the generated CHKNO is written to CHKSTOR and the INSTALL process is continued.
[illegible] a multicheck flag (MCF) 46 is set, it is assumed that the vendor
[illegible] the software at a site where a plurality of CPU's will access it. In this
[illegible] the generated CHK is compared [illegible] the CHK's already in
[illegible], the installation process continued, the assumption being that the authorized
[illegible] parameters. Otherwise, the nonmatched CHKNO is written to CHKSTOR. If,
however, CHKSTOR is full, it is assumed that the number of CPU's contemplated to be covered by the license
have qualified, in which case an exit EVADE EXECUTION is taken.

On the other hand, if the diskette 12 is intended only for use with a single CPU, the generated CHKNO is
compared against the CHKNO in CHKSTOR. If the numbers do not match then the EVADE EXECUTION exit
is taken. Otherwise, if the numbers match, installation is continued, the assumption being that the software is
being reinstalled in the authorized CPU.

[illegible] be any of a number of commands, jumps, or routines that will thwart execution
[illegible] 24. In its simplest form, the evasive action can include simply jumping to the end of the
[illegible]. Alternatively, the installation process can be altered by a routine which destroys or alters
[illegible] processed by the I/O procedures in the APPLICATION 24, so that the user will obtain
gibberish.

Once the software 20 has been installed on the PC 10, it is assumed that the software 20 will not invoke the
INSTALL procedure unless prompted by the user. After installation, each time the diskette 12 is inserted into
the driver 18 for execution of the APPLICATION process 24, the INITIALIZE procedure 22 is automatically
[illegible] establish connectivity between the software 20 and the DOS 16 necessary for execution. In
[illegible] procedure, the routine illustrated in Figure 4 and Table III is encountered. First, the CPUID 36
[illegible] subjected to the encryption modality of ENCRYPT 32 to generate a check number. Then,
CHKSTOR 30 is scanned to determine whether the check number generated by the ENCRYPT process 32
matches a check number in CHKSTOR 30. If not, the EVADE EXECUTION exit is called; otherwise, INITIALIZE
is completed and the application 24 is executed.
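
The INSTALL and EXECUTE procedures of Tables II and III, together with the COPY check of Figure 5, as an added simulation that is not part of the patent text. The HMAC-SHA256 stand-in for ENCRYPT, the CHKSTOR capacity field and all sample CPUID and SID values are assumptions; the CHKSTOR-full test is applied only when MCF is set, as in the prose description.

```python
"""Added example: the check-number flow of Tables II and III, simulated."""
import hashlib
import hmac
from dataclasses import dataclass, field


class EvadeExecution(Exception):
    """Stands in for the EVADE EXECUTION exit."""


@dataclass
class Diskette:
    sid: bytes                 # SID placed on the diskette by the vendor
    capacity: int = 1          # CHK slots in CHKSTOR (assumed size)
    mcf: bool = False          # multicheck flag: site licence
    chkstor: list = field(default_factory=list)


def encrypt(cpuid: int, sid: bytes) -> bytes:
    """ENCRYPT: combine CPUID and SID into a check number (CHK).

    HMAC-SHA256 keyed with the SID, truncated to 8 bytes, is an assumption;
    the description only requires some known encryption process.
    """
    if not 0 <= cpuid < 2**64:             # CPUID validity check (64-bit word)
        raise EvadeExecution("invalid CPUID")
    return hmac.new(sid, cpuid.to_bytes(8, "big"), hashlib.sha256).digest()[:8]


def install(disk: Diskette, cpuid: int) -> str:
    """Table II. FULL is tested only when MCF is set, following the prose."""
    chk = encrypt(cpuid, disk.sid)
    if not disk.chkstor:                   # CHKSTOR not initialized
        disk.chkstor.append(chk)
        return "installed"
    if disk.mcf:
        if len(disk.chkstor) >= disk.capacity:
            raise EvadeExecution("CHKSTOR full: licence count reached")
        if chk not in disk.chkstor:        # new CPU under the site licence
            disk.chkstor.append(chk)
            return "installed"
        return "reinstalled"
    if chk not in disk.chkstor:            # single-CPU diskette, other machine
        raise EvadeExecution("CHK mismatch")
    return "reinstalled"


def initialize(disk: Diskette, cpuid: int) -> bool:
    """Table III: scan CHKSTOR before the application is called."""
    if encrypt(cpuid, disk.sid) not in disk.chkstor:
        raise EvadeExecution("CHK mismatch")
    return True


def copy(disk: Diskette, cpuid: int) -> Diskette:
    """Figure 5: an authorized CPU copies the software, CHKSTOR included."""
    initialize(disk, cpuid)
    return Diskette(disk.sid, disk.capacity, disk.mcf, list(disk.chkstor))


def allowed(action, *args) -> bool:
    """Run one phase and report whether it avoided the EVADE exit."""
    try:
        action(*args)
        return True
    except EvadeExecution:
        return False


def demo() -> dict:
    # Constructed sample values, not taken from the patent.
    pc_a, pc_b, pc_c = 0x0001A4F39C2271D5, 0x0001B7E0553A9C10, 0x0002C0FFEE123456
    single = Diskette(sid=b"SID-EXAMPLE-01")
    out = {"first": install(single, pc_a), "again": install(single, pc_a)}
    backup = copy(single, pc_a)
    out["backup_on_a"] = allowed(initialize, backup, pc_a)
    out["backup_on_b"] = allowed(initialize, backup, pc_b)
    out["copy_by_b"] = allowed(copy, single, pc_b)
    site = Diskette(sid=b"SID-EXAMPLE-01", capacity=2, mcf=True)
    install(site, pc_a)
    install(site, pc_b)
    out["site_third_cpu"] = allowed(install, site, pc_c)
    out["site_on_b"] = allowed(initialize, site, pc_b)
    out["site_slots_used"] = len(site.chkstor)
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Every input to ENCRYPT (the CPUID, the SID and the routine itself) is readable on the machine or the diskette, so the check number binds a copy to a CPU rather than acting as a secret, consistent with the description's closing remark about determined users.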

[illegible] Figure 5, whenever the diskette 12 is subjected to a COPY command by a personal computer,
the ENCRYPT process 32 is called to generate a check number from the CPUID of the copying personal
[illegible] the SID on the disk. If the generated CHKNO does not match one in CHKSTOR 30, COPY
[illegible]; otherwise, COPY is executed, which results in copying of the software 20, including
CHKSTOR 30. Thus, the software protection scheme of the invention will reside in the software copied onto
another diskette. Alternatively, the inventor contemplates that a COPY command can be executed without
[illegible] comparison of check numbers, since the protection scheme of the invention would still be
embedded in the copied software. Thus, if the software copy was intended to be run on a personal computer
having a CPUID different from the CPUID 36, either the INSTALL process or the INITIALIZE process would still
be effective in protecting the software 20 by preventing its use on an unauthorized PC, that is, one whose
[illegible] CPUID. In this case, of course, execution will [illegible] proceed further [illegible].

As disclosed thus far, the invention as operated according to Tables II and III and Figures 3-5 is useful for
[illegible] use or replication of the diskette-borne software 20 on an authorized computing
system, such as the PC 10 identified by the CPUID 36. In the case where a software vendor would lease
software on a site lease basis with a predetermined number of unidentified CPUs authorized to use the
[illegible], the capacity of CHKSTOR 30 to store more than one check number permits the diskette 12 to be
[illegible] a file server (not shown in Figure 1) that connects to a plurality of CPUs. In this case,
[illegible] a CPUID is installed in [illegible] system including a file server with the diskette 12 in
[illegible], the [illegible] of Figure 3 would be employed to not only make entries into the program
[illegible] for the installed CPU, but also to generate the check number for the CPU being installed and
[illegible] number into CHKSTOR 30. Thereafter, whenever the APPLICATION 24 is executed by a CPU
connected to the file server, the comparison step of the ENCRYPT routine would scan all of CHKSTOR 30 until
either a match was found, or the end of CHKSTOR reached with no match of CHK numbers.

[illegible] that copies of the site-licensed software made by authorized CPUs would be
[illegible] only on the copying CPU. In this regard, provision would be made in the CHK = CHK step of
Figure 5 for confirming that the CPUID of the copying CPU is indeed in CHKSTOR 30 by scanning CHKSTOR
[illegible]. [illegible] the DO COPY module would include process means for invalidating all of the [illegible] in
CHKSTOR [illegible].

[illegible] adaptation of the invention to an embodiment useful in, for example, a battlefield
[illegible] orders are issued from a secure command post to a plurality of battlefield tactical
[illegible] including a computing apparatus with a uniquely-identified CPU. Each tactical CPU is referred
[illegible] and has a unique, secure field CPUID (FCPUID). The central command post has a CPU for
issuing orders in encrypted program form carried on a diskette. The command post CPU is referred to as the
CCPU and has a secure identification (CCPUID). Thus, in Figure 7, the command post computer 50 has
embedded in it the secure CCPUID 52 and stores a secure list of field CPUIDs 54. A public-key encryption
modality 56 encrypts the CCPUID with a selected FCPUID to generate a check number CHKNO which is placed
on a diskette 58 at position 59. In addition, orders in encrypted form are written to the diskette 58 using the
public-key process, and the diskette is then carried to a tactical field post having a field CPU 70.

The diskette 58 is plugged into the field CPU 70, where a routine similar to the INITIALIZE routine of Figure 4
is performed. In this routine, installation of the diskette 58 in the CPU 70 invokes a public-key decryption
process 72 which is the inverse of the encryption process 56. The decryption process 72 can be included in the
software on the diskette 58. The FCPUID 74 of the field CPU 70 and a public-key 76, which is known to the
operator of the CPU 70, are fed to the decryption process which operates conventionally to decrypt the orders
in encrypted form on the diskette 58. If the FCPUID of the CPU 70 matches the FCPUID used to encrypt the
orders on the diskette 58, the decryption process will produce a clear text of the command post orders.
Otherwise, either no action is taken to decrypt the software, or protective action to destroy or alter the
software is undertaken. In this manner, orders can be transmitted using a relatively simple and straightforward
scheme to protect the orders by a first level of encryption in which a known password or key and a secret
password (the FCPUID) are provided to unlock access to the orders only in the event that the recipient of the
physical embodiment of the orders (the diskette) can generate a key or password identical with the one on the
diskette.

It should be evident that the embodiments of the invention do not prevent illegal use or copying by a
knowledgeable, determined person. However, they have the advantage of providing an inexpensive, easily
implemented means of making unauthorized use or copying very difficult, yet which makes authorized use or
copying easy.



Claims 



1. A method of controlling the use and replication of diskette software contents and the like on
unauthorized diskette-driven computing systems, said method comprising the steps of:

placing a first ID code in a preselected computing system;

associating a second ID code with a source of programming software for said computing system;

placing said second ID number on a diskette bearing a program obtained from said source, said program
including an execution non-compliance feature;

deriving a first check number through encryption of one of said ID numbers by the other of said ID
numbers;

placing said check number on said diskette; and

upon access of said diskette by any computing system, deriving a second check number through said
encryption based upon said second ID number on said diskette and an ID number in said accessing
computing system, comparing said second with said first check number, and bypassing the
non-compliance feature in the event of a match.

2. A method as claimed in Claim 1 wherein said second ID and said first check number are placed in said
diskette when said program is installed in said computing system.

3. A method as claimed in Claim 1 or Claim 2 wherein said access includes execution of said program.

4. A method as claimed in Claim 1 wherein said access includes copying of said program to a second
diskette.

5. A method as claimed in Claim 1 wherein said step of placing said check number includes writing said
check number to a predetermined storage area on said diskette, said predetermined storage area
including storage space for a plurality of check numbers, and said step of comparing includes comparing
said second check number with a check number in said storage area.

6. A data processing system for authorizing use of diskette software contents on authorized computing
systems, comprising:

a diskette for storing application programs;

a first computing system for entering software on said diskette, and including a first ID code identifying
said first, and a secure list of ID codes identifying CPUs authorized to execute said software;

an encryption modality in said software for generating a first check number based upon an ID code from
said list, said first check number being written onto said diskette with said software by said first
computing system;

a second computing system with a CPU for receiving said diskette and executing said software, said
second computing system including a second ID code identifying its CPU;

encryption means executable on said first and second computing systems for generating a first check
number based upon public-key encryption of said first ID code and a second ID drawn from said list, said
first check number being written onto said diskette with said software, and for generating a second check
number based upon said public-key encryption of said second ID code; and

means for comparing said first and second check numbers and preventing execution of said software by
said second computing system based upon mismatch of said check numbers.